Millions Of P0rnHub Users Hit By Malvertising Attack

Cybersecurity researchers at Proofpoint recently uncovered a massive malvertising campaign that exposed millions of Internet users in the United States, Canada, the United Kingdom and Australia to a malvertising attack.

Active for over a year and still ongoing, the malicious campaign is run by a group of hackers called KovCoreG, which is well known for distributing the Kovter malware, used in malicious campaigns in 2015 and more recently in 2017.

The KovCoreG hacking group initially used P0rnHub, one of the most visited sites in the world, to distribute fake browser updates that worked on all three major Windows browsers: Chrome, Firefox, and Microsoft Edge / Internet Explorer.

According to Proofpoint researchers, the infections appeared on P0rnHub web pages through a legitimate advertising network called Traffic Junky, which forces the user to install the malicious Kovter software on their system.

Among other malicious things, the Kovter malware is known for its unique persistence mechanism, which allows the malware to be loaded after each reboot of the infected host.

The ad network Traffic Junky redirected users to a malicious website, where Chrome and Firefox users received a fake browser update window, while Internet Explorer and Edge users received a fake Flash update.

The attackers used a series of filters and fingerprinting of “time zone, screen size, history length of the current browser window and create a unique identifier through Mumour.”

The researchers said Chrome users were infected with JavaScript code that called back to the server controlled by the attackers, preventing security analysts from working through the infection chain if their IP had not been “checked.”

“This makes it extremely unlikely that JavaScript can run on its own and provide payload in a sandbox environment,” Proofpoint writes. “This is probably the reason why this component of the chain has not been documented before.”

In this case, the attackers have limited their campaign to click fraud to generate illegal income, but Proofpoint researchers believe that the malvertising attack could easily be modified to spread ransomware, information-stealing Trojans or other malicious programs.
